- As the name suggests, the attack does not require any action by the targeted phone's user. It?can remotely infiltrate a device with?the help of spyware.
- Pegasus could infiltrate a device with a missed call on WhatsApp and could even delete the record of this missed call, making it impossible for the user to know they had been targeted.
- Pegasus contacts the attacker’s command and control (C&C) servers to receive and execute instructions and send back the target’s private data.
- Pegasus exploits undiscovered vulnerabilities, or bugs, in Android and iOS. A phone could be infected even if it has the latest security patch installed.
- Pegasus also exploits bugs in iMessage, giving it backdoor access to millions of iPhones.?
- The spyware can also be installed over a wireless transceiver (radio transmitter and receiver) located near a target.
- Pegasus can intercept and steal any information, including SMS, contacts, call history, calendars, emails and browsing histories. It can use your phone’s microphone to record calls and other conversations, secretly film you with its camera, or track you with GPS.
- The spyware is designed to evade forensic analysis, avoid detection by anti-virus software, and can be deactivated and removed by the attacker, when and if necessary.
- When Pegasus exploits a vulnerability in one’s phone’s operating system, there is nothing one can do to stop a network injection.
- If one has the budget, changing handsets periodically is perhaps the most effective remedy.
Senior Manager Consulting, Digital Risk
3 年Good that so far the operatives are governments....consequences could be far worse if such spyware can be accessed by cyber criminals out there.